Work around a potential XSS in spamd_db.php. Small version bump for spamd.

author: jim-p <jimp@pfsense.org> 2015-10-01 11:05:23 -0400
committer: jim-p <jimp@pfsense.org> 2015-10-01 11:05:38 -0400
commit: 22a8681e70bc2218b3f41830bd37edbd47f649cb (patch)
tree: 33f844404b79ac66b7f9cc7e37ace63fec177da8 /config/spamd/spamd_db.php
parent: d238244e096816c15ab0f0a8eb64c224d2fff36c (diff)
download: pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.gz
pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.bz2
pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index c81f5916..d544ce16 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -55,7 +55,7 @@ if ($spamtrapemail) {
 /* handle AJAX operations */
 if ($_GET['action'] or $_POST['action']) {
 	/* echo back buttonid so it can be turned  back off when request is completed. */
-	echo $_GET['buttonid'] . "|";
+	echo htmlspecialchars($_GET['buttonid']) . "|";
 	if ($_GET['action']) {
 		$action = $_GET['action'];
 	}
author	jim-p <jimp@pfsense.org>	2015-10-01 11:05:23 -0400
committer	jim-p <jimp@pfsense.org>	2015-10-01 11:05:38 -0400
commit	22a8681e70bc2218b3f41830bd37edbd47f649cb (patch)
tree	33f844404b79ac66b7f9cc7e37ace63fec177da8 /config/spamd/spamd_db.php
parent	d238244e096816c15ab0f0a8eb64c224d2fff36c (diff)
download	pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.gz pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.bz2 pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.zip